<?php

/* This is an example of same page validation.  It's a common technique but I guess
   it violates MVC because here we have controller code and *GASP* a DB query in 
   our 'view'. */

/* Get DB connection if there isn't already a DB connection */
include_once("includes/config.inc.php");
include_once(MYSQL);

/* Start session if it isn't already started */
if(!isset($_SESSION))
{
  session_start();
}

/* This block of code is only excuted if the form has been submitted */
if($_SERVER['REQUEST_METHOD'] == "POST")
{
  /* If both email and password fields were set */
  if(isset($_POST['email'], $_POST['password']))
  {
    $email = $_POST['email'];
    $pass = $_POST['password'];

    /* Escape shady characters just in case */
    $email = mysqli_real_escape_string($dbc, $email);
    $pass =  mysqli_real_escape_string($dbc, $pass);

    /* A DB query in string form to check if there's a email / password match
       in the DDB. */
    $q = "SELECT id, email FROM User WHERE email = '" 
          . $email . "' AND password = SHA1('" . $pass . "');";
    
    /* The query is made and the result is stored in $r */
    $r = mysqli_query($dbc, $q);
    
    /* The first row is fetched from the result and put into an array */
    $row = mysqli_fetch_row($r);
    
    /* We only want to keep the user's email address, so we store that in the
       $_SESSION array in an index we made up called 'email' and now we can pass
       it around everywhere until the user closes the browser.  When the browser
       is closed, the session ends, and the user is logged out.  */
    if(isset($row[0], $row[1]))
    {
      $_SESSION['id'] = $row[0];
      $_SESSION['email'] = $row[1];
      
      if(!headers_sent())
      {
        header('Location: status.php');
      }
      else
      {
        echo "<script>window.location.replace('status.php');</script>";
      }
    }
    else
    {
      /* If the user's attempt at logging in fails, use this variable to display
         an error. */
      $login = false;
    }
  }
}

?>

<?php include("includes/header.php"); ?>


<style>
/* Overwrite page_container style background color */
#page_container
{
  background-color: transparent;
}
#login_form_container{
  margin:100px auto;
  border: 1px solid #5f0808;
  width: 500px;
  border-top-left-radius: 5px;
  border-top-right-radius: 5px;
}
#login_form_title
{
  background-color: #5f0808;
  height: 25px;
  width: 100%;
  text-align: center;
  border-top-left-radius: 4px;
  border-top-right-radius: 4px;

}
#login_form_title h3
{
  color: #f9f9f9;
  padding: 0px;
  margin: 0px;

}
#login_form_footer
{
  text-align: center;
  margin-bottom: 20px;
}
#login_form_footer a
{
  color: #5f0808;
}
#login_form
{
  margin: 20px auto;
  width: 200px;
}
.error
{
  font-size: 80%;
  color: red;
  text-align: center;
}
.success
{
  font-size: 80%;
  color: green;
  text-align: center;
}
</style>

<div id="login_form_container">
  <div id="login_form_title"><h3>User Login</h3></div>
  <?php
  
  /* If the user attempted a login, but failed.  This error messag is displayed. */
  if(isset($login))
  {
    echo "<p class=\"error\">The login information you supplied was incorrect. 
          Please try again.</p>";
  }
  if(isset($_GET['newaccount']))
  {
     echo "<p class=\"success\">Your account has been created, please log in.</p>";
  }
  if(isset($_GET['redirect']))
  {
    echo "<p class=\"error\"> You need to be logged in to visit that portion of the site.</p>";
  }
  ?>
	<form id="login_form" action="login.php" method="POST">
		<label>Username:</label><br />
			<input type="email" name="email" maxlength="80" required/><p></p>
		<label>Password: </label><br />
			<input type="password" name="password" maxlength="20" required/><p></p>
		<br />
			<input type="submit" value="Login" style="float:right"/><p></p><br />
			</form>

  <div id="login_form_footer">
    <a href="password_forgot.php">Reset password</a> | <a href="create_account.php">Create account</a>
  </div>
</div>

<?php include("includes/footer.php"); ?>
